#17408 closed defect (bug) (fixed)
feed_links_extra does not escape html entities, causing invalid (X)HTML
Reported by: | solarissmoke | Owned by: | ryan |
---|---|---|---|
Milestone: | 3.3 | Priority: | normal |
Severity: | normal | Version: | 3.1 |
Component: | Template | Keywords: | has-patch dev-feedback |
Focuses: | Cc: |
Description
I was investigating this forum thread and found that the issue was with core.
When pretty permalinks are disabled, feed_links_extra()
can generate URLs like this for a search result:
href="http://localhost/wp/?s=something&feed=rss2"
...which is invalid html because the ampersand should be escaped as an entity.
Patch attached.
Attachments (1)
Change History (9)
Note: See
TracTickets for help on using
tickets.
Escape href before outputting. Also, there is no need to escape the title in each if{} block, just do it at the end.